Update setup-hf-config.mjs

setup-hf-config.mjs

@@ -1,111 +1,206 @@
-import fs from "node:fs";
-import path from "node:path";
-import https from "node:https";
+import fs   from “node:fs”;
+import path from “node:path”;
+import https from “node:https”;
 
 // ============================================================
 // OpenClaw HF Spaces - Production Config Writer
+// Called ONCE per container lifetime by entrypoint.sh.
+// Always writes fresh config from env vars on first boot.
 // ============================================================
 
-const HOME        = process.env.OPENCLAW_HOME || process.env.HOME || "/home/user";
-const STATE_DIR   = path.join(HOME, ".openclaw");
-const CONFIG_PATH = path.join(STATE_DIR, "openclaw.json");
-const WORKSPACE   = path.join(STATE_DIR, "workspace");
-const SPACE_HOST  = (process.env.SPACE_HOST || "").trim();
+var HOME        = process.env.OPENCLAW_HOME || process.env.HOME || “/home/user”;
+var STATE_DIR   = path.join(HOME, “.openclaw”);
+var CONFIG_PATH = path.join(STATE_DIR, “openclaw.json”);
+var WORKSPACE   = path.join(STATE_DIR, “workspace”);
+var SPACE_HOST  = (process.env.SPACE_HOST || “”).trim();
 
-console.log("[setup] Starting… HOME=" + HOME);
+console.log(”[setup] Starting… HOME=” + HOME);
 
 function parseList(val) {
-  if (!val || !val.trim()) return [];
-  return val.split(",").map(s => s.trim()).filter(Boolean);
+if (!val || !val.trim()) return [];
+return val.split(”,”).map(function(s) { return s.trim(); }).filter(Boolean);
 }
 
 function envStr(key) {
-  return (process.env[key] || "").trim();
+return (process.env[key] || “”).trim();
 }
 
-// auth
-const gatewayToken    = envStr("OPENCLAW_GATEWAY_TOKEN");
-const gatewayPassword = envStr("OPENCLAW_GATEWAY_PASSWORD");
+// –– auth –––––––––––––––––––––––––
+
+var gatewayToken    = envStr(“OPENCLAW_GATEWAY_TOKEN”);
+var gatewayPassword = envStr(“OPENCLAW_GATEWAY_PASSWORD”);
 
 if (!gatewayToken && !gatewayPassword) {
-  console.error("[setup] FATAL: set OPENCLAW_GATEWAY_TOKEN or OPENCLAW_GATEWAY_PASSWORD");
-  process.exit(0);
+console.error(”[setup] FATAL: set OPENCLAW_GATEWAY_TOKEN or OPENCLAW_GATEWAY_PASSWORD”);
+process.exit(0);
 }
 
-const defaultModel = envStr("OPENCLAW_HF_DEFAULT_MODEL") || "google/gemini-2.0-flash";
+// –– model ———————————————––
+
+var defaultModel = envStr(“OPENCLAW_HF_DEFAULT_MODEL”) || “google/gemini-2.0-flash”;
 
-// provider keys
-const EXCLUDE_PREFIXES = ["OPENCLAW_", "SPACE_", "SYSTEM_", "HF_", "NODE_", "PATH", "HOME", "USER", "PWD", "LANG", "LC_", "npm_", "HOSTNAME", "SHELL", "TERM", "SHLVL"];
-const INCLUDE_SUFFIXES = ["_API_KEY", "_SECRET_KEY", "_ACCESS_TOKEN", "_BOT_TOKEN", "_AUTH_TOKEN", "_APP_KEY"];
+// –– provider keys —————————————–
+
+var EXCLUDE_PREFIXES = [
+“OPENCLAW_”, “SPACE_”, “SYSTEM_”, “HF_”,
+“NODE_”, “PATH”, “HOME”, “USER”, “PWD”, “LANG”, “LC_”,
+“npm_”, “HOSTNAME”, “SHELL”, “TERM”, “SHLVL”
+];
+var INCLUDE_SUFFIXES = [
+“_API_KEY”, “_SECRET_KEY”, “_ACCESS_TOKEN”,
+“_BOT_TOKEN”, “_AUTH_TOKEN”, “_APP_KEY”
+];
 
 function isProviderKey(k) {
-  for (const prefix of EXCLUDE_PREFIXES) if (k.startsWith(prefix)) return false;
-  for (const suffix of INCLUDE_SUFFIXES) if (k.endsWith(suffix)) return true;
-  return false;
-}
-
-const providerKeys = Object.keys(process.env)
-  .filter(k => isProviderKey(k) && (process.env[k] || "").trim())
-  .sort();
-
-console.log(`[setup] Detected provider keys (${providerKeys.length}):`);
-providerKeys.forEach(k => console.log("  + " + k));
-
-const trustedProxies = parseList(envStr("OPENCLAW_GATEWAY_TRUSTED_PROXIES")).length > 0 
-  ? parseList(envStr("OPENCLAW_GATEWAY_TRUSTED_PROXIES"))
-  : ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "10.16.0.0/12", "10.20.0.0/12", "127.0.0.1"];
-
-const config = {
-  gateway: {
-    auth: gatewayToken ? { mode: "token", token: gatewayToken } : { mode: "password", password: gatewayPassword },
-    controlUi: {
-      allowInsecureAuth: true,
-      allowedOrigins: ["*"],
-      dangerouslyDisableDeviceAuth: true,
-      dangerouslyAllowHostHeaderOriginFallback: true
-    },
-    trustedProxies: trustedProxies
-  },
-  agents: {
-    defaults: { model: defaultModel, workspace: WORKSPACE }
-  },
-  env: { vars: {} }
+var i;
+for (i = 0; i < EXCLUDE_PREFIXES.length; i++) {
+if (k.indexOf(EXCLUDE_PREFIXES[i]) === 0) return false;
+}
+for (i = 0; i < INCLUDE_SUFFIXES.length; i++) {
+var s = INCLUDE_SUFFIXES[i];
+if (k.length > s.length && k.indexOf(s) === k.length - s.length) return true;
+}
+return false;
+}
+
+var providerKeys = Object.keys(process.env).filter(function(k) {
+return isProviderKey(k) && (process.env[k] || “”).trim();
+}).sort();
+
+console.log(”[setup] Detected provider keys (” + providerKeys.length + “):”);
+providerKeys.forEach(function(k) { console.log(”  + “ + k); });
+
+// –– trusted proxies —————————————
+
+var envProxies     = parseList(envStr(“OPENCLAW_GATEWAY_TRUSTED_PROXIES”));
+var trustedProxies = envProxies.length > 0 ? envProxies : [
+“10.0.0.0/8”,
+“172.16.0.0/12”,
+“192.168.0.0/16”,
+“10.16.0.0/12”,   “10.20.0.0/12”,
+“10.16.4.123”,    “10.16.7.92”,   “10.16.18.232”,
+“10.16.34.155”,   “10.16.43.133”, “10.16.1.206”,
+“10.16.37.110”,   “10.16.43.246”,
+“10.20.1.9”,      “10.20.1.222”,
+“10.20.26.157”,   “10.20.31.87”,
+“10.20.0.1”,      “172.17.0.1”,
+“127.0.0.1”
+];
+
+// –– build config ——————————————
+
+var config = {
+gateway: {
+auth: gatewayToken
+? { mode: “token”,    token:    gatewayToken    }
+: { mode: “password”, password: gatewayPassword },
+controlUi: {
+allowInsecureAuth:                        true,
+allowedOrigins:                           [”*”],
+dangerouslyDisableDeviceAuth:             true,
+dangerouslyAllowHostHeaderOriginFallback: true
+},
+trustedProxies: trustedProxies
+},
+agents: {
+defaults: {
+model:     defaultModel,
+workspace: WORKSPACE
+}
+},
+env: { vars: {} }
 };
 
-providerKeys.forEach(pk => {
-  config.env.vars[pk] = (process.env[pk] || "").trim();
+providerKeys.forEach(function(pk) {
+config.env.vars[pk] = (process.env[pk] || “”).trim();
+});
+
+// –– Telegram –––––––––––––––––––––––
+
+function tgRequest(token, method, body) {
+return new Promise(function(resolve) {
+var data = JSON.stringify(body || {});
+var req  = https.request({
+hostname: “api.telegram.org”,
+path:     “/bot” + token + “/” + method,
+method:   “POST”,
+headers:  {
+“Content-Type”:   “application/json”,
+“Content-Length”: Buffer.byteLength(data)
+}
+}, function(res) {
+var buf = “”;
+res.on(“data”, function(c) { buf += c; });
+res.on(“end”,  function() {
+try { resolve(JSON.parse(buf)); } catch (e) { resolve(null); }
 });
+});
+req.on(“error”, function() { resolve(null); });
+req.setTimeout(8000, function() { req.destroy(); resolve(null); });
+req.write(data);
+req.end();
+});
+}
 
-// Telegram
 async function setupTelegram() {
-  const token = envStr("TELEGRAM_BOT_TOKEN");
-  if (!token) {
-    console.log("[setup] Telegram: disabled");
-    return;
-  }
-  console.log("[setup] Telegram: configured");
+var token = envStr(“TELEGRAM_BOT_TOKEN”);
+if (!token) {
+console.log(”[setup] Telegram: disabled (no TELEGRAM_BOT_TOKEN)”);
+return;
 }
 
+if (SPACE_HOST) {
+var webhookUrl = “https://” + SPACE_HOST + “/tg-webhook”;
+var r = await tgRequest(token, “setWebhook”, {
+url:                  webhookUrl,
+drop_pending_updates: true,
+max_connections:      10
+});
+if (r && r.ok) {
+console.log(”[setup] Telegram: webhook registered -> “ + webhookUrl);
+} else {
+console.log(”[setup] Telegram: auto-registration failed”);
+console.log(”[setup] Open this URL in your browser once:”);
+console.log(”  https://api.telegram.org/bot” + token +
+“/setWebhook?url=” + webhookUrl + “&drop_pending_updates=true”);
+}
+} else {
+console.log(”[setup] Telegram: set SPACE_HOST for auto webhook”);
+}
+
+config.channels = {
+telegram: {
+enabled:  true,
+accounts: {
+main: { botToken: token, apiRoot: “https://api.telegram.org” }
+}
+}
+};
+console.log(”[setup] Telegram: configured”);
+}
+
+// –– main –––––––––––––––––––––––––
+
 (async function() {
-  fs.mkdirSync(STATE_DIR, { recursive: true });
-  fs.mkdirSync(WORKSPACE, { recursive: true });
-  fs.mkdirSync(path.join(WORKSPACE, "memory"), { recursive: true });
-
-  await setupTelegram();
-
-  if (fs.existsSync(CONFIG_PATH)) {
-    fs.copyFileSync(CONFIG_PATH, CONFIG_PATH + ".bak");
-  }
-  fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
-
-  console.log("[setup] Done.");
-  console.log("[setup]   auth      = " + (gatewayToken ? "token" : "password"));
-  console.log("[setup]   model     = " + defaultModel);
-  console.log("[setup]   workspace = " + WORKSPACE);
-  console.log("[setup]   proxies   = " + trustedProxies.length);
-  console.log("[setup]   env.vars  = " + providerKeys.length);
-  console.log("[setup]   config    = " + CONFIG_PATH);
-})().catch(e => {
-  console.error("[setup] Fatal: " + e.message);
-  process.exit(0);
+fs.mkdirSync(STATE_DIR, { recursive: true });
+fs.mkdirSync(WORKSPACE,  { recursive: true });
+fs.mkdirSync(path.join(WORKSPACE, “memory”), { recursive: true });
+
+await setupTelegram();
+
+if (fs.existsSync(CONFIG_PATH)) {
+fs.copyFileSync(CONFIG_PATH, CONFIG_PATH + “.bak”);
+}
+fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), “utf-8”);
+
+console.log(”[setup] Done.”);
+console.log(”[setup]   auth      = “ + (gatewayToken ? “token” : “password”));
+console.log(”[setup]   model     = “ + defaultModel);
+console.log(”[setup]   workspace = “ + WORKSPACE);
+console.log(”[setup]   proxies   = “ + trustedProxies.length);
+console.log(”[setup]   env.vars  = “ + providerKeys.length);
+console.log(”[setup]   config    = “ + CONFIG_PATH);
+})().catch(function(e) {
+console.error(”[setup] Fatal: “ + e.message);
+process.exit(0);
 });